Spirit of Sutterby
General Data Protection Regulation (GDPR) Procedures
Spirit of Sutterby has a data protection policy, which is reviewed regularly. In order to help us uphold the policy we have created the following procedures, which outline ways in which we collect, store, use, amend, share, destroy and delete personal data.
These procedures cover the main regular ways we collect personal data. We may from time to time collect and use data in ways not covered here. In these cases we will ensure our data protection policy is upheld.
Data will be stored securely. When it is stored electronically it will be kept in password protected files. If it is stored online in a third-party website we will ensure the third party comply with the GDPR. When it is stored on paper it will be filed carefully and securely.
When we no longer need data or when someone has asked for their data to be deleted it will be deleted securely. We will ensure that data is permanently deleted from computers and that paper data is shredded.
We will maintain a mailing list. This will include the name and contact details of people who wish to receive project information from Spirit of Sutterby
We will provide information about how to be removed from the list with every mailing
To allow volunteers to work together for the benefit of the project it could sometimes be necessary to share volunteer contact details with other volunteers. We will only do this with specific consent.
Steering Group members
The Steering Group need to be in contact with one another in order to run the project effectively and ensure its legal obligations are met.
Steering Group contact details will be shared among the Steering Group
Steering Group members will not share each other’s contact details with anyone outside of the Steering Group or use them for anything other than Spirit of Sutterby business without specific consent.
These procedures will be reviewed every 2 years
Steering Group: Dave Start, Julia Brocklehurst, David Stonehouse, Denise & Geoff Wheatley